allwinner-zh / linux-3.4-sunxi

kernel 3.4 for sunxi platforms

Allwinner Technology committed to resolving Linux Kernel software issue

allwinner-zh opened this issue · comments

Zhuhai, China - Allwinner Technology Co., Ltd. (SHE: CN:300458) is working with its device manufacturers to fix a current software issue. We are aware that code, which was supplied to device manufacturers for the purpose of developing products, should have been removed prior to shipping. We recommend that anyone who is concerned about this issue should contact the relevant device manufacturer.

In relation to the source code on GitHub, it is released for the open source community only and not for shipping certain devices. Since a debugging function is not needed, it has subsequently been removed.

Allwinner is committed to producing quality SoCs with security a key priority. We are currently working hard to address this issue and revising our current processes so we can continue to evolve our range of SoCs in the future.

commented

Why was the history somewhat secretly rewritten after 38e3c92 instead of simply making a new commit to remove the bug? (Compare old HEAD vs new HEAD history)

Apparently 1324 files have been changed by the force push, see diff.

I also noticed some weird things with this repository which I can't explain:

  1. After a clean clone, there's a list of modified files that can't be stashed
  2. The diff (see above) doesn't list the sunxi-debug.c file, although it is present in 55599b8 but not in 56c71e2. Even the patch file doesn't list it

Dropping massive changes with no proper commits is what caused the backdoor to be missed in the first place. Rewriting history is a bad idea too, since it makes it look like you're trying to hide issues. (I'm not saying that's what actually happened, but that's what it looks like.)

Ideally Allwinner should adopt common Git practices like the rest of the open source industry, otherwise this is going to happen again.

I don't like this~(raising tone)

Keeping history intact is the only way to make users trust your code; hiding it just ruins your reputation.

Unfortunately these guys are not great with software, let alone adhering to common practice. Got a board with their A64 chip, what a load of marketing nonsense. Bad software all-round.